Re: Intergration problem, when upgrading wordpress 2.8
Ok.. I’m not 100% on this, but it seems the cookie hashing algorithm changed in WP2.8 .
In WP2.7, in wp-includes/pluggable.php (line 512)
if ( $expired < time() ) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$key = wp_hash($username . ‘|’ . $expiration, $scheme);
$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);
and in 2.8:
// Quick check to see if an honest cookie has expired
if ( $expired < time() ) {
do_action('auth_cookie_expired', $cookie_elements);
return false;
}
$user = get_userdatabylogin($username);
if ( ! $user ) {
do_action(‘auth_cookie_bad_username’, $cookie_elements);
return false;
}
$pass_frag = substr($user->user_pass, 8, 4);
$key = wp_hash($username . $pass_frag . ‘|’ . $expiration, $scheme);
$hash = hash_hmac(‘md5’, $username . ‘|’ . $expiration, $key);
So, in 2.8 the hash is salted with 4 character’s of the USer’s password. The “freshly_baked_cookies” plugin hasn’t been upgraded to match this change, so it always fails to match the hashed cookies.
Unfortunateyl,the get_userdatabylogin function doesn’t seem to exist in bbpress…..
